CVE-2014-5266 : The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, doe

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.

Published 2014-08-18 11:15:27

Updated 2015-11-25 20:39:20

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Threat overview for CVE-2014-5266

Top countries where our scanners detected CVE-2014-5266

Top open port discovered on systems with this issue 80

IPs affected by CVE-2014-5266 48

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-5266!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-5266

Probability of exploitation activity in the next 30 days: 92.86%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2014-5266

Wordpress XMLRPC DoS

Disclosure Date: 2014-08-06

First seen: 2020-04-26

auxiliary/dos/http/wordpress_xmlrpc_dos

Wordpress XMLRPC parsing is vulnerable to a XML based denial of service. This vulnerability affects Wordpress 3.5 - 3.9.2 (3.8.4 and 3.7.4 are also patched). Authors: - Nir Goldshlager - Christian Mehlmauer <FireFart@gmail.com>

More information

CVSS scores for CVE-2014-5266

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2014-5266

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-5266

https://wordpress.org/news/2014/08/wordpress-3-9-2/

News – WordPress 3.9.2 Security Release – WordPress.org
Vendor Advisory

CVEs referencing this url
https://core.trac.wordpress.org/changeset/29404

Changeset 29404 – WordPress Trac

CVEs referencing this url
http://www.debian.org/security/2014/dsa-2999

Debian -- Security Information -- DSA-2999-1 drupal7

CVEs referencing this url
https://www.drupal.org/SA-CORE-2014-004

SA-CORE-2014-004 - Drupal core - Denial of service | Drupal.org
Vendor Advisory

CVEs referencing this url
http://cgit.drupalcode.org/drupal/diff/modules/openid/xrds.inc?id=1849830

CVEs referencing this url
http://www.debian.org/security/2014/dsa-3001

Debian -- Security Information -- DSA-3001-1 wordpress

CVEs referencing this url
http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830

CVEs referencing this url

Products affected by CVE-2014-5266

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.10
cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.3
cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.1
cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Beta2
cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha7
cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha2
cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0
cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.12
cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.18
cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.20
cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.22
cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC3
cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.16
cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC2
cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta3
cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.8
cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.7
cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.6
cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.5
cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.4
cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha6
cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha5
cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha4
cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha3
cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.2
cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.10
cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.9
cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.1
cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC1
cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0
cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.11
cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.3
cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC3
cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC2
cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC1
cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update DEV
cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.6
cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.7
cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.5
cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.14
cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.13
cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.21
cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.24
cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.23
cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update RC4
cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta2
cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.11
cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.9
cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.2
cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update RC4
cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Beta3
cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Beta1
cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.0 Update Alpha1
cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.x-dev
cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.15
cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.8
cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.19
cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.17
cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update DEV
cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta4
cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.4
cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.0 Update Beta1
cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.12
cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.13
cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.14
cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.15
cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.25
cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.26
cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.17
cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.16
cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.18
cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.27
cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.19
cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.28
cpe:2.3:a:drupal:drupal:6.28:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.23
cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.22
cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.21
cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.20
cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.24
cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.26
cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.28
cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.25
cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.27
cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.30
cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.29
cpe:2.3:a:drupal:drupal:6.29:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.30
cpe:2.3:a:drupal:drupal:6.30:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.32
cpe:2.3:a:drupal:drupal:6.32:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 7.29
cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*
Matching versions
Drupal » Drupal » Version: 6.31
cpe:2.3:a:drupal:drupal:6.31:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress
Versions up to, including, (<=) 3.9.1
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.0
cpe:2.3:a:wordpress:wordpress:3.0:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.0.1
cpe:2.3:a:wordpress:wordpress:3.0.1:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.2 Update Beta1
cpe:2.3:a:wordpress:wordpress:3.2:beta1:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.1
cpe:2.3:a:wordpress:wordpress:3.1:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.1.1
cpe:2.3:a:wordpress:wordpress:3.1.1:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.1.2
cpe:2.3:a:wordpress:wordpress:3.1.2:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.0.4
cpe:2.3:a:wordpress:wordpress:3.0.4:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.0.5
cpe:2.3:a:wordpress:wordpress:3.0.5:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.0.3
cpe:2.3:a:wordpress:wordpress:3.0.3:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.0.2
cpe:2.3:a:wordpress:wordpress:3.0.2:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.3
cpe:2.3:a:wordpress:wordpress:3.3:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.2.1
cpe:2.3:a:wordpress:wordpress:3.2.1:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.1.4
cpe:2.3:a:wordpress:wordpress:3.1.4:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.1.3
cpe:2.3:a:wordpress:wordpress:3.1.3:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.0.6
cpe:2.3:a:wordpress:wordpress:3.0.6:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.4.0
cpe:2.3:a:wordpress:wordpress:3.4.0:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.3.3
cpe:2.3:a:wordpress:wordpress:3.3.3:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.3.2
cpe:2.3:a:wordpress:wordpress:3.3.2:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.2
cpe:2.3:a:wordpress:wordpress:3.2:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.3.1
cpe:2.3:a:wordpress:wordpress:3.3.1:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.4.2
cpe:2.3:a:wordpress:wordpress:3.4.2:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.4.1
cpe:2.3:a:wordpress:wordpress:3.4.1:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.5.0
cpe:2.3:a:wordpress:wordpress:3.5.0:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.5.1
cpe:2.3:a:wordpress:wordpress:3.5.1:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.7
cpe:2.3:a:wordpress:wordpress:3.7:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.8
cpe:2.3:a:wordpress:wordpress:3.8:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.8.1
cpe:2.3:a:wordpress:wordpress:3.8.1:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.6.1
cpe:2.3:a:wordpress:wordpress:3.6.1:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.6
cpe:2.3:a:wordpress:wordpress:3.6:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.9.0
cpe:2.3:a:wordpress:wordpress:3.9.0:*:*:*:*:*:*:*
Matching versions
Wordpress » Wordpress » Version: 3.7.1
cpe:2.3:a:wordpress:wordpress:3.7.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-5266